CVE-2022-0732

EPSS 2.5%CWE-284

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.

Affected products

1Byte · Copy9 1Byte · ExactSpy 1Byte · FoneTracker 1Byte · GuestSpy 1Byte · iSpyoo 1Byte · MxSpy 1Byte · SecondClone 1Byte · TheSpyApp 1Byte · The Truth Spy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cwe.mitre.org/data/definitions/284.html https://kb.cert.org/vuls/id/229438 https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/https://www.kb.cert.org/vuls/id/229438